kaniko
Build Container Images In Kubernetes
Builds container images from a Dockerfile inside a Kubernetes cluster without needing a Docker daemon or privileged access. Project is archived.
Kaniko is a tool that builds container images (self-contained software packages that include everything an app needs to run) from a Dockerfile, but without requiring Docker to be installed or running on the host machine. A Dockerfile is a text recipe that describes how to package your application.
The problem it solves is specific to Kubernetes clusters (a system for running many containers together at scale): standard Kubernetes environments do not allow running a Docker daemon for security reasons, making it impossible to build new images from within the cluster. Kaniko sidesteps this by executing each step of the Dockerfile entirely in user space — no privileged access or Docker daemon required.
You would use kaniko when you need to build and push container images as part of an automated pipeline running inside Kubernetes, such as a CI/CD workflow (a system that automatically tests and deploys code). It supports pushing the finished image to Docker Hub, Amazon ECR, Google Container Registry, Azure Container Registry, and other registries. It also supports layer caching to speed up repeated builds.
Kaniko is written in Go and is meant to run as a container image itself. Note: the project is archived; as of the archival date stated in its README, it is no longer actively developed or maintained.
Where it fits
- Build container images inside a Kubernetes pod without a Docker daemon
- Run image builds from GitLab CI or GitHub Actions on a K8s runner
- Push freshly built images to ECR, GCR, ACR, or Docker Hub
- Reuse cached layers across pipeline runs to speed up builds